Laptop Encryption: Turns Out Poker Players Need Computer Security Too

Sometimes I'm surprised by who needs the protection afforded by laptop encryption software. According to various sources, a professional poker player from Finland had his laptop computer hacked by unknown assailants. While it's debatable whether encryption software would have helped in this case, it certainly would have posed a formidable barrier.

Online and Offline Poker Professional

Verge.com, which in turn got the story from f-secure.com, reported earlier in the week that pro poker player Jens Kyllönen had an unusual experience while playing the European Poker Tour in Barcelona. Kyllönen had returned to his hotel room to find his laptop missing. Believing that his hotel roommate, Henri Jaakkola, took his laptop, Kyllönen left the room looking for him. When they both returned, the laptop was back where Kyllönen had originally left it.

It was readily evident that the laptop had been tampered with. According to pcmag.com, the laptop didn't require Kyllönen's login credentials, a change from previous settings. Furthermore, it wasn't booting up properly. Other sources note that the hotel room's key (the computerized kind) wasn't working correctly, either.

Kyllönen doesn't appear to have been the only one who was targeted, however. This September entry at pokerstrategy.com mentions that "several high profile online players had their laptops stolen" during the Barcelona leg of the tournament, and lists advice such as being aware of phishing attempts and keeping laptops encrypted.

What good would a laptop do at a poker tournament, you might ask? I've seen plenty of poker tournaments up close. AlertBoot is based in Las Vegas, after all, and there are three things that I cannot help but run into every year while I'm visiting headquarters: poker tournament players, Black Hat conference participants, and random Miss USA contestants. (That last one will be no more, though.) Anyhow, returning to poker: at the tables, there is no use for a laptop. Even smaller devices like your phone, smart or otherwise, are not allowed anywhere near the table.

As it turns out, people who play poker for a living will play at any venue where poker is offered, including online, assuming it's worthwhile. Kyllönen wasn't an exception. Seeing how he cleared over $2 million last year, you can presume that there are a lot of virtual chips trading hands in the intertubes, and for poker pros a laptop is the only device that makes sense if they venture between offline and online gaming tables.

Evil Maid Attack

So, why was Kyllönen's laptop taken? Apparently, to surreptitiously install remote viewing software. Security professionals would call it a RAT (remote access trojan), but it's really nothing more than a secret installation of software similar to remote conference software like join.me, GoToMeeting, or WebEx. (Ironically enough, some also call it a RAT when the software is legitimate: remote access tool.)

The RAT would allow the hotel-room intruders to monitor Kyllönen's cards when playing online, giving them an upper hand when playing against him, or any of the other players whose laptops were stolen in Barcelona.

This type of hacking – where a device is stolen, tampered with, and returned – is known as an evil maid attack among some, and as a janitor attack among others (it depends on the building, I guess. It's kind of hard to imagine a maid making the rounds in an office building). Sometimes there's an extra step, where the evil maid returns to retrieve whatever was planted in the device. For example, instead of installing software, the laptop's hardware may have been tampered with, such as by installing a gizmo between the keyboard and everything else (a physical keylogger).

An evil maid attack is difficult to pull off. First, there's no guarantee that the target will not return to his or her room while a laptop is being tampered with. (Ideally, you want more than one person to be carrying out the attack.) Even if the device is taken, there's no guarantee that the owner won't return to find it missing, as Kyllönen did, exposing the attack.

Second, there's no way to know what kind of protection is in place beforehand. For example, had Kyllönen protected his laptop with full disk encryption, chances are that it would have been impossible (or at least extremely hard) to infect it with a RAT.

In professional security circles, evil maid attacks are known as being impossible to protect against. However, "impossible to protect against" doesn't mean the attack is easy to carry out, just as it's impossible to prevent every airplane crash, yet airplanes remain the safest form of transportation. With FDE in place, an attempt could still be made if one had the appropriate tools to crack the encryption, but those take considerable time to operate. All bets are off if a well-funded government organization is playing, though.

Chances are they won't be going after a poker player's laptop, though, so no worries there.

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.